Privacy Notice

Last updated: August 2025

1. Data Controller

HealthSignal is operated by heal.capital Management GmbH, a company registered in Berlin, Germany.

Contact Information:
heal.capital Management GmbH
Berlin, Germany
Email: info@healcapital.com

2. What Data We Collect

HealthSignal is designed to minimize data collection. We only collect:

  • Server Logs: IP addresses, browser type, device information, and access timestamps for security and technical operation purposes
  • Source Suggestions: If you submit regulatory source suggestions, we store the information you voluntarily provide (source details and optional contact information)
  • Technical Data: Error logs and performance metrics necessary for service operation

We do not collect: Personal accounts, tracking cookies, analytics data, or any information that identifies individual users beyond what is technically necessary for service operation.

3. Legal Basis for Processing

We process your data based on:

  • Legitimate Interest (Article 6(1)(f) GDPR): Server logs and technical data for security, system administration, and service improvement
  • Consent (Article 6(1)(a) GDPR): Source suggestions and any voluntary communications
  • Legal Obligation (Article 6(1)(c) GDPR): Data retention required by German and EU law

4. How We Use Your Data

Your data is used solely for:

  • Providing and maintaining the HealthSignal service
  • Ensuring security and preventing abuse
  • Technical troubleshooting and system improvements
  • Processing and reviewing source suggestions
  • Complying with legal obligations

We do not use your data for marketing, profiling, or any commercial purposes beyond service provision.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

  • Hosting Services: Our cloud hosting provider processes server logs as part of infrastructure services
  • Legal Requirements: When required by German or EU law enforcement or regulatory authorities
  • Service Protection: To prevent fraud, abuse, or threats to service security

Any data sharing is limited to what is legally required and technically necessary.

6. Data Retention

  • Server Logs: Retained for 30 days for technical operation, then automatically deleted
  • Source Suggestions: Retained for 24 months to track implementation and provide credit
  • Error Logs: Retained for 90 days for technical debugging

Data is automatically deleted according to these schedules unless legal obligations require longer retention.

7. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access: Request information about what personal data we hold about you
  • Rectification: Correct any inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for voluntary data processing

To exercise these rights, contact us at info@healcapital.com. We will respond within 30 days.

8. Cookies and Tracking

Current Status: HealthSignal does not currently use cookies, analytics, or tracking technologies.

Future Implementation: If we add analytics or functionality requiring cookies, we will:

  • Update this Privacy Notice with detailed information
  • Implement a cookie consent banner where legally required
  • Provide granular consent options for non-essential cookies
  • Allow you to manage cookie preferences

Standard hosting infrastructure may create technical cookies or logs for security and performance, which are covered under legitimate interest.

9. International Data Transfers

Your data is processed within the European Economic Area (EEA). Any transfers outside the EEA are subject to appropriate safeguards under GDPR, including adequacy decisions or Standard Contractual Clauses.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted data transmission (HTTPS)
  • Access controls and authentication
  • Regular security updates and monitoring
  • Data minimization and purpose limitation

11. Children's Privacy

HealthSignal is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.

12. Changes to This Notice

We may update this Privacy Notice to reflect changes in our practices or legal requirements. Material changes will be prominently posted on the website. Your continued use constitutes acceptance of the updated notice.

13. Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority:

Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: www.bfdi.bund.de

14. Contact Us

For any questions about this Privacy Notice or data protection matters:

Email: info@healcapital.com
Subject Line: "HealthSignal Privacy Inquiry"

We are committed to protecting your privacy and will respond to all inquiries promptly and transparently.